hi all i use grok filtering and its all match. This part is ok. My concern is how to extract some data inside %{GREEDYDATA:msg} and create it as a field ?
Example of greddydata:msg is like given below
A B: C
I used %{WORD:a} to test but unfortunately this tag just only able to read the A word and totally ignore B: C
how to convert this A B: C to become one field ? Any help is appreciated !
regarding your comment,you can use this:
%{GREEDYDATA},%{GREEDYDATA:my_value}
tested on:
i am human and,i feel so happy today: true
result:
my_value : i·feel·so·happy·today:·true